Digital authentication over acoustic channel

ABSTRACT

Apparatus and method are disclosed for digital authentication and verification. In one embodiment, authentication involves storing a cryptographic key and a look up table (LUT), generating an access code using the cryptographic key; generating multiple parallel BPSK symbols based upon the access code; converting the BPSK symbols into multiple tones encoded with the access code using the LUT; and outputting the multiple tones encoded with the access code for authentication. In another embodiment, verification involves receiving multiple tones encoded with an access code; generating multiple parallel BPSK symbols from the multiple tones; converting the BPSK symbols into an encoded interleaved bit stream of the access code; de-interleaving the encoded interleaved bit stream; and recovering the access code from the encoded de-interleaved bit stream.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation-in-part of U.S. application Ser. No.10/625,710 filed Jul. 22, 2003 now abandoned and entitled “DigitalAuthentication Over Acoustic Channel,” which is a continuation-in-partof U.S. application Ser. No. 10/139,873 filed May 6, 2002 and entitled“System and Method for Acoustic Two Factor Authentication,” which is acontinuation-in-part of U.S. application Ser. No. 10/077,365 filed Feb.15, 2002 now U.S. Pat. No. 7,251,730 and entitled “Method and Apparatusfor Simplified Audio Authentication,” all of which are assigned to thesame assignee and herein incorporated by reference.

This application is also related to the following, all of which areassigned to the same assignee of this application.

Co-pending U.S. application Ser. No. 09/611,569 filed Jul. 7, 2000 andentitled “Method and Apparatus for Secure Identity Authentication WithAudible Tones.”

Co-pending U.S. application Ser. No. 10/356,144 filed Jan. 30, 2003 andentitled “Wireless Communication Using Sound.”

Co-pending U.S. application Ser. No. 10/356,425 filed Jan. 30, 2003 andentitled “Communication Using Audible Tones.”

BACKGROUND

1. Field of Invention

The invention generally relates to authentication, and more particularlyto digital authorization of entities using sound.

2. Description of the Related Art

With the growth of electronic commerce, use of public communicationinfrastructure, such as the Internet, to access various secure networks,systems and/or applications has also grown. For example, users may gainaccess to banks (online or by automatic teller machines (ATM)), aprivate network such as an intranet, a secure server or database, and/orother virtual private network (VPN) over a public communicationinfrastructure by digital authentication.

However, with the introduction of a system of communication whereinface-to-face contact is not possible, opportunities for fraudulent orunauthorized access have increased. Misappropriated identity in thehands of wrongdoers may cause damage to individuals, organizations orother entities.

To prevent unauthorized access, various security schemes have beendeveloped to verify user or entity identification such that onlyauthorized entities are given access. One technique for userauthentication and access control can be implemented by a access codegenerating device, such as a token. Here, a unique access code isperiodically generated displayed to a user. Typically, the access codeis generated from an algorithm that is based on a secure information andthe current time. The user is then required to input the currentlydisplayed access code to gain access.

In some systems, a password is also required to gain access. These typesof systems are known as the two-factor authentication. Two-factorauthentication is typically based on something that a user has, forexample the token, and something that a user knows, such as thepassword. Because both pieces of information are used to authenticate auser, systems implementing the two-factor authentication may be lesssusceptible to attacks than a single-factor authentication.

While a token as described above may prevent unauthorized access, it iscumbersome because users must manually enter each access code duringeach access. Also, errors are more likely to occur due to the manualinput of the access code. In some systems, a user is required to inputthe access code more than once during each access, which increases theinconvenience and possibility of errors. Furthermore, because the accesscode may be based on time and is continuously displayed, a constantcomputation may be required by the token, thereby shortening the batterylife of the token.

Therefore, there is a need for a more efficient, more convenient and/ormore secure way to implement a control access system using a device.

SUMMARY

Embodiments disclosed herein address the above stated needs by providinga method for security in a data processing system.

In one aspect, an apparatus for use in authentication comprises astorage medium configured to store a cryptographic key and a look uptable (LUT); a first processor coupled to the storage medium, configuredto generate an access code using the cryptographic key; a convertercoupled to the processor, configured to convert the access code intomultiple tones encoded with the access code; and an audio output unitconfigured to output the multiple tones encoded with the access code forauthentication; wherein the converter may comprise a binary phase shiftkeying (BPSK) module configured to generate multiple parallel BPSKsymbols, and a second processor coupled to the BPSK module and thestorage medium, configured to convert the BPSK symbols into the multipletones using the LUT. Here, either one of the first or second processormay be configured to repeat the BPSK symbols a selected number of time;and the second processor may then convert repeated BPSK symbols into themultiple tones.

In another embodiment, an apparatus for use in authentication maycomprise a storage medium configured to store a cryptographic key and alook up table (LUT); a processor coupled to the storage medium,configured to generate an access code using the cryptographic key; aconverter coupled to the processor, configured to convert the accesscode into multiple tones encoded with the access code; and an audiooutput unit configured to output the multiple tones encoded with theaccess code for authentication; wherein the converter may comprise abinary phase shift keying (BPSK) module configured to generate multipleparallel BPSK symbols; and wherein the processor is configured toconvert the BPSK symbols into multiple tones using the LUT.

In still another embodiment, a method for use in authentication maycomprise storing a cryptographic key and a look up table (LUT);generating an access code using the cryptographic key; generatingmultiple parallel BPSK symbols based upon the access code; convertingthe BPSK symbols into multiple tones encoded with the access code usingthe LUT; and outputting the multiple tones encoded with the access codefor authentication. The method may further comprise repeating the BPSKsymbols a selected number of times before converting the BPSK symbols.Here, repeating the BPSK symbols may comprise repeating a set of threeBPSK symbols the selected number of times; and converting the BPSKsymbols may comprise converting each set of three BPSK symbols into themultiple tones using the LUT.

In a further embodiment, an apparatus for use in authentication maycomprise means for storing a cryptographic key and a look up table(LUT); means for generating an access code using the cryptographic key;means for generating multiple parallel BPSK symbols based upon theaccess code; means for converting the BPSK symbols into multiple tonesencoded with the access code using the LUT; and means for outputting themultiple tones encoded with the access code for authentication. Theapparatus may further comprise means for repeating the BPSK symbols aselected number of times; wherein the means for converting the BPSKconverts the repeated BPSK symbols.

In still a further embodiment, an apparatus for use in authenticationmay comprise a storage medium configured to store a cryptographic key; aprocessor coupled to the storage medium, configured to generate anaccess code using the cryptographic key; a converter coupled to theprocessor, configured to convert the access code into multiple tonesencoded with the access code; and an audio output unit coupled to theconverter, configured to output the multiple tones encoded with theaccess code for authentication; wherein the converter may comprise abinary phase shift keying (BPSK) module configured to generate multipleparallel repeated BPSK symbols based on the access code; an inverse fastfourier transform (IFFT) module coupled to the BPSK module, configuredto perform IFFT on the repeated BPSK symbols to generate code symbols;and an up-converter coupled to the IFFT module, configured to modulatethe code symbols into the multiple tones encoded with the access code.

In yet another embodiment, a method for use in authentication maycomprise storing a cryptographic key; generating an access code usingthe cryptographic key; generating multiple parallel binary phase shiftkeying (BPSK) symbols based upon the access code; repeating the BPSKsymbols a selected number of times before converting the BPSK symbols;performing inverse fast fourier transform (IFFT) on the repeated BPSKsymbols to generate IFFT symbols; modulating the IFFT symbols into themultiple tones encoded with the access code; and outputting the multipletones encoded with the access code for authentication.

In yet another embodiment, an apparatus for use in authenticationcomprises means for storing a cryptographic key; means for generating anaccess code using the cryptographic key; means for generating multipleparallel binary phase shift keying (BPSK) symbols based upon the accesscode; means for repeating the BPSK symbols a selected number of timesbefore converting the BPSK symbols; means for performing inverse fastfourier transform (IFFT) on the repeated BPSK symbols to generate IFFTsymbols; means for modulating the IFFT symbols into the multiple tonesencoded with the access code; and means for outputting the multipletones encoded with the access code for authentication.

Yet in a further embodiment, an apparatus for use in verification maycomprise an audio input unit configured to receive multiple tonesencoded with an access code; a converter coupled to the audio inputunit, configured to recover the access code from the multiple tonesencoded with the access code; and wherein the converter may comprises adown-converter configured to demodulate the multiple tones into IFFTsymbols; a fast fourier transform (FFT) module configured to generatemultiple parallel BPSK symbols from the IFFT symbols; a BPSK modulecoupled to the processor, configured to convert the BPSK symbols into anencoded interleaved bit stream of the access code; a de-interleavercoupled to the BPSK module, configured to de-interleave the encodedinterleaved bit stream; and a decoding module coupled to thede-interleaver, configured to recover the access code from the encodedde-interleaved bit stream. The apparatus may further comprise a storagemedium configured to store a cryptographic key; and a processor coupledto the storage medium and the converter, configured to verify the accesscode using the cryptographic key and to grant access if the access codeis verified. Also, the FFT module may convert the multiple tones intorepeated sets of BPSK symbols and generate a selected set of BPSKsymbols; wherein the BPSK module converts the selected set of BPSKsymbols.

In still another embodiment, a method for use in verification maycomprise receiving multiple tones encoded with an access code;generating multiple parallel BPSK symbols from the multiple tones;converting the BPSK symbols into an encoded interleaved bit stream ofthe access code; de-interleaving the encoded interleaved bit stream; andrecovering the access code from the encoded de-interleaved bit stream.Here, performing FFT may comprise generating repeated BPSK symbols;wherein the method further comprises generating a selected set of BPSKsymbols from the repeated BPSK symbols; and wherein performing the BPSKcomprises converting the selected set of BPSK symbols into the encodedinterleaved bit stream. Also, performing the FFT may comprise convertingthe IFFT symbols into repeated sets of three BPSK symbols; whereingenerating the selected set of BPSK symbols comprises selecting threeBPSK symbols from the repeated sets of three BPSK symbols to generatethe selected set of BPSK symbols. Alternatively, performing the FFT maycomprise converting the IFFT symbols into repeated sets of three BPSKsymbols; wherein generating the selected set of BPSK symbols comprisesselecting one of the repeated sets of three BPSK symbols to generate theselected set of BPSK symbols.

In still yet another embodiment, an apparatus for use in verificationmay comprise means for receiving multiple tones encoded with an accesscode; means for demodulating the multiple tones into inverse fastfourier transform (IFFT) symbols; means for performing fast fouriertransform (FFT) to generate repeated BPSK symbols from the IFFT symbols;means for generating a selected set of BPSK symbols from the repeatedBPSK symbols; means for converting the selected set of BPSK symbols intoan encoded interleaved bit stream of the access code; means forde-interleaving the encoded interleaved bit stream; and means forrecovering the access code from the encoded de-interleaved bit stream.

BRIEF DESCRIPTION OF THE DRAWINGS

Various embodiments will be described in detail with reference to thefollowing drawings in which like reference numerals refer to likeelements, wherein:

FIG. 1 shows a system for digital authentication over an acousticchannel;

FIG. 2 shows an example embodiment of a token;

FIG. 3 shows an example embodiment of a verifier;

FIG. 4 shows an example method for digital authentication using anacoustic channel;

FIGS. 5A and 5B show examples of BPSK symbols;

FIG. 5C shows an example of a LUT;

FIG. 6 shows an example method for digital verification using anacoustic channel;

FIGS. 7A and 7B show examples of an original repeated sets of BPSKsymbols and a recovered repeated sets of BPSK symbols;

FIGS. 7C and 7D show examples of selected set of BPSK symbols;

FIG. 8 shows another example embodiment of a token;

FIG. 9 shows another example method for digital authentication using anacoustic channel;

FIG. 10 shows another example method for digital verification using anacoustic channel;

FIG. 11A to 11D show other example systems for digital authenticationover an acoustic channel;

FIG. 12 shows an example embodiment of a receiver;

FIG. 13 shows an another embodiment of a receiver; and

FIGS. 14A and 14B show example housings for a token.

DETAILED DESCRIPTION

Generally, embodiments disclosed use the acoustic channel for digitalauthentication of a user or entity. In the following description,specific details are given to provide a thorough understanding of theembodiments. However, it will be understood by one of ordinary skill inthe art that the embodiments may be practiced without these specificdetail. For example, circuits may be shown in block diagrams in ordernot to obscure the embodiments in unnecessary details. In otherinstances, well-known circuits, structures and techniques may be shownin detail in order to better explain the embodiments.

Also, it is noted that the embodiments may be described as a processwhich is depicted as a flowchart, a flow diagram, a structure diagram,or a block diagram. Although a flowchart may describe the operations asa sequential process, many of the operations can be performed inparallel or concurrently. In addition, the order of the operations maybe re-arranged. A process is terminated when its operations arecompleted. A process may correspond to a method, a function, aprocedure, a subroutine, a subprogram, etc. When a process correspondsto a function, its termination corresponds to a return of the functionto the calling function or the main function.

Moreover, as disclosed herein, the term “sound wave” refers to acousticwave or pressure waves or vibrations traveling through gas, liquid orsolid. Sound waves include ultrasonic, audio and infrasonic waves. Theterm “audio wave” refers to sound wave frequencies lying within theaudible spectrum, which is approximately 20 Hz to 20 kHz. The term“ultrasonic wave” refers to sound wave frequencies lying above theaudible spectrum and the term “infrasonic wave” refers to sound wavefrequencies lying below the audible spectrum. The term “storage medium”represents one or more devices for storing data, including read onlymemory (ROM), random access memory (RAM), magnetic disk storage mediums,optical storage mediums, flash memory devices and/or other machinereadable mediums for storing information. The term “machine readablemedium” includes, but is not limited to portable or fixed storagedevices, optical storage devices, wireless channels and various otherdevices capable of storing, containing or carrying codes and/or data.The term “tone” refers to a sound wave carrier signal of certain pitchand vibration that carry digital data. The term “multiple tones” refersto three or more tones. The term “authentication” refers to verificationof an identity, and the terms authentication and verification will beused interchangeably.

FIG. 1 shows an example system 100 for digital authentication over anacoustic channel. In system 100, a verifier device 110 controls accessto a secure network, system and/or application over a publiccommunication infrastructure such as the Internet 120. Although accessmay be gained through a public communication infrastructure other thanInternet 120, for purposes of explanation, system 100 will be describedwith reference to Internet 120.

To gain access over Internet 120, a device such as a token 130 providesan access code to verifier device 110 through a wireless communicationdevice (WCD) 140. The access code is communicated from token 130 to WCD140 through an acoustic channel. The access code is generated using acryptographic key that is securely stored within token 130 and isencoded into sound waves for communication. More particularly,multi-carrier modulation is used to encode the generated access codeinto multiple tones and corresponding multi-carrier demodulation is usedto recover the access code from the multiple tones.

User of token 130 may also provide a user information such as a usernameto verifier device 110. Here, the user information may be encoded intosound waves and communicated along with the access code to WCD 140.Alternatively, the user information may be entered directly into WCD140. WCD 140 may then forward the access code and user information toverifier device 110 over Internet 120 for authentication. In stillanother alternative embodiment, the user information may be an assignedidentification number of token 130. Thus, a user need not input the userinformation. The identification number is encoded automatically intosound waves along with the access code and communicated to WCD 140. Onceaccess is granted, WCD 140 may be used to communicate with the securenetwork or system.

To forward the access code and/or user information, WCD 140 may recoverthe access code and/or user information, if encoded, from the soundwaves. WCD 140 may then forward the access code and/or user informationto verifier device 110. Alternatively, the sound waves encoded theaccess code and the sound waves encoded with the user information, ifencoded, may be transmitted to verifier device 110. The access codeand/or user information may then be recovered from the sound waves byverifier device 110. Here, the access code and user information, or thesound waves encoded with the access code and/or user information, may betransmitted using any known communication technology that allows accessto Internet 120 in system 100.

Token 130 is typically a portable device that may be small enough to becarried in pockets and/or attached to a key chain. Physical possessionof token 130 provides an aspect of the required verification, in thesame manner that the physical possession of a key allows an individualto gain access through a locked door. Therefore, token 130 serves as anauthentication tool and, other than communication by sound waves, token130 need not have the conventional wireless communication capabilitiesto directly transmit an access code to verifier device 110 over Internet120 or over other wireless and non-wireless infrastructures. Namely, insome embodiments, token 130 does not support wireless telecommunicationcapabilities; and does not include a wireless modem, network card and/orother wireless links to a private or public communication infrastructuresuch as Internet 120. As a result, the access code is transmitted overInternet 120 by WCD 140. It is to be noted, however, that in alternativeembodiments, token 130 may be embedded into another device such as awireless phone or a personal data assistant. Also, although WCD 140 isshown as a personal desktop computer, it may be various other computingdevices such as but is not limited to laptop computer, PDAs, wirelessphones or security devices of homes, offices or vehicles.

The access code is generated using a cryptographic key that is securelystored within token 130. The cryptographic key may be placed into token130 at manufacture and is not known by the user. Here, two types ofcryptographic keys may be used for digital authentication, symmetriccryptographic system and asymmetric cryptographic system. In symmetriccryptographic system, the secret key or symmetric key that is keptsecret within token 130 is shared and placed in verifier device 110.Token 130 generates a digital signature using a secret key and thedigital signature is sent to verifier device 110 for authentication.Verifier device 110 verifies the digital signature based the same secretkey. In asymmetric cryptographic system, a private key and a public keyare generated for a user. The public key is shared with verifier device110 while the private key is kept secret within token 130. A digitalsignature is generated using the private key and sent to verifier device110. Verifier device 110 then verifies the digital signature based onthe user's public key.

In the above description, verifier device 110 identifies thecryptographic key that corresponds to a user based on the userinformation sent with the access code. Also, verifier device 110 may beimplemented as part of the secure network or system into which a userwants access. Alternatively, verifier device 110 may be locatedexternally from the secure network or system. Moreover, although FIG. 1show one verifier device 110, it would be apparent to those skilled inthe art that there may be more than one verifier device, eachcontrolling access to one or more networks/systems.

FIG. 2 shows a block diagram of an example embodiment of a token 200 andFIG. 3 shows an example embodiment of a corresponding verifier device300. Token 200 may comprise a storage medium 210 configured to store acryptographic key and a Look-up Table (LUT), a processor 220 configuredto generate an access code using the cryptographic key, a converter 230configured to convert the access code into multiple tones encoded withthe access code using the LUT, and an audio output unit 240 configuredto output the multiple tones encoded with the access code forverification. Verifier device 300 may comprise a storage medium 310configured to store a cryptographic key, a processor 320 configured togenerate an access code using the cryptographic key, an audio input unit330 configured to receive multiple tones encoded with an access codefrom a token, and a converter 340 configured to recover the access codefrom the multiple tones. Based on the cryptographic key, processor 320authenticates the access code of the user.

More particularly, an access code is converted to and from multipletones based on multi-carrier modulation. Therefore, converter 230modulates the access code into multi-carrier signals and converter 340demodulates the access code from multi-carrier signals using amulti-carrier system. A multi-carrier system is described in co-pendingU.S. application Ser. No. 10/356,144 and co-pending U.S. applicationSer. No. 10/356,425. In multi-carrier modulation, data stream to betransmitted is divided into multiple interleaved bit streams. Thisresults in multiple parallel bit streams having a much lower bit rate.Each bit stream is then used to modulate multiple carriers andtransmitted over separate carrier signals. Typically, multi-carriermodulation involves encoding, interleaving, digital modulating, InverseFast Fourier Transform (IFFT) processing and up-converting the datastream to be transmitted. Demodulation involves down-converting, FFTprocessing, digital demodulating, de-interleaving and decoding thereceived data stream. In converters 230 and 340, however, the LUT isused to facilitate modulation as described below.

Converter 230 of token 200 may comprise an encoding module 232, aninterleaver 234, a binary phase shift keying (BPSK) module 236 and aprocessor 238. Converter 340 of verifier device 300 may comprise a downconverter 341, a FFT module 343, a BPSK module 345, a de-interleaver 347and a decoding module 349. BPSK is a known technique of digitalmodulation that is simple to implement. Although BPSK does not result inthe most efficient use of an available bandwidth, it is less susceptibleto noise. Therefore, BPSK is used for converting the code symbols intotones. However, modulation techniques other than BPSK may be implementedin converters 230 and 340. Also, it should be noted that converter 230shows a simplified multi-carrier modulator based on BPSK. A more typicalcommercial multi-carrier modulator may have additional components suchas a preamble generator, a serial to parallel (S/P) converter orparallel to serial (P/S) converter. Similarly, converter 340 shows asimplified multi-carrier demodulator corresponding to converter 230, anda more typical commercial multi-carrier demodulator may also haveadditional components such as a synchronization unit, a S/P converterand a P/S converter.

Generally, encoding module 232 is configured to encode the bit stream orbit stream of the access code. The encoded bit stream are theninterleaved into interleaved bit streams or code symbols by interleaver234. BPSK module 236 is configured to generate multiple parallel BPSKsymbols from the code symbols. More particularly, the encoded bit streamare converted from serial to parallel into parallel code symbols. Theparallel code symbols are then mapped by BPSK module 236 into multipleparallel BPSK symbols. Here, the code symbols may be mapped into BPSKsymbols and then converted from serial to parallel BPSK symbols, or thecode symbols may be converted from serial to parallel and then mappedinto BPSK symbols. Also, the number of BPSK symbols correspond to thenumber of tones available in the multi-carrier system. In someembodiments, the multi-carrier tones have frequencies in the range fromabout 1 kHz to 3 kHz and the bandwidth allowed for each carrier woulddepend on the number of tones. For example, if the number of availabletones is 64, a bandwidth of about 31.25 Hz would be allowed for eachcarrier. The multiple BPSK symbols generated as described above areconverted into multiple tones using the LUT and converted from parallelto serial by processor 238. By implementing the LUT, BPSK symbols maydirectly be converted into multiple tones without IFFT processing andup-conversion. Detail operations of the LUT will be described below withreference to FIG. 5.

To recover the access code, converter 340 would perform a process thatis inverse to the process performed by converter 230. Namely, downconverter 341 is configured to demodulate the multiple tones intomultiple parallel IFFT symbols, FFT module 343 is configured to performFFT to generate multiple parallel BPSK symbols, BPSK module 345 isconfigured to convert the BPSK symbols into code symbols or encodedinterleaved bit stream of the access code, de-interleaver 347 isconfigured to de-interleave the code symbols, and decoding module 349 isconfigured to recover the access code from the encoded code symbols.More particularly, the down converter 341 may demodulate the multipletones into IFFT symbols, a S/P may convert the IFFT symbols from serialto parallel, FFT module 343 may perform FFT to generate multipleparallel BPSK symbols, BPSK module 345 may convert the BPSK symbols intomultiple parallel code symbols, de-interleaver 347 may de-interleave thecode symbols into encoded bit stream, and a P/S may convert the codesymbols from parallel to serial to be decoded by decoding module 349.Alternatively, the multiple tones may be converted from serial toparallel, FFT processed into multiple parallel BPSK symbols, convertedfrom parallel to serial, and BPSK processed for de-interleaving. Stillalternatively, the multiple tones may be converted from parallel toserial, FFT processed into multiple parallel BPSK symbols, BPSKprocessed into multiple parallel code symbols, converted from parallelto serial, and de-interleaved.

As in converters 230 and 340, a more typical token and verifier devicemay have additional components. In some embodiments, token 200 may alsocomprise an amplifier 260 configured to amplify the multiple tones fromconverter 230, and an activator or actuator 270 configured to receive asignal from a user that activates the authentication procedure. Actuator260 may be, but is not limited to, a switch, a push-button switch, atoggle switch or a dial or sound activated device. Token 200 may furthercomprise a clock module 250 configured to generate a time element. Insuch cases, processor 220 may be configured to generate an access codeusing the cryptographic key and the time element. Similarly, verifierdevice 300 may also comprise a clock module 350 configured to generatethe time element. In such cases, processor 320 may be configured togenerate an access code using the cryptographic key and the timeelement.

In token 200 and verifier device 300, clock modules 250 and 350 aresynchronized to generate a time element periodically, for example everyminute, hour, day or other selected increment as needed. This type ofauthentication is typically referred to as a session basedauthentication since the access code changes with each period of time.Also, storage mediums 210 and 310 may be databases of cryptographic keyscorresponding to different users of a network, system or application.Therefore, user information is sent to verifier device 300, as discussedabove, such that the appropriate cryptographic key is used at verifier300 in the authentication procedure.

FIG. 4 shows an example method 400 for transmitting an access code usingan acoustic channel. For access to a secure network, system orapplication, an access code is generated (410) by processor 220 using acryptographic key. Thereafter, multiple parallel BPSK symbols aregenerated (420) based upon the access code, and the BPSK symbols areconverted (430) into multiple tones encoded with the access code usingthe LUT. More particularly, the bit stream of the access code is encodedinto encoded bit stream. The encoded bit stream may be converted fromserial to parallel, interleaved into multiple parallel code symbols,BPSK mapped into multiple parallel BPSK symbols, and converted intomultiple tones using the LUT. Alternatively, the encoded bit stream maybe interleaved, BPSK mapped and then converted from serial to parallelinto multiple parallel BPSK symbols for conversion into multiple tones.Still alternatively, the encoded bit stream may be interleaved, and thenconverted from serial to parallel into multiple parallel code symbolsfor BPSK processing. Here, the cryptographic key and the LUT may bestored in storage medium 210, and processor 238 may convert the BPSKsymbols into the multiple tones using the LUT stored in storage medium210. The multiple tones encoded with the access code is then output(440) for authentication.

More particularly, the LUT is pre-calculated to map the BPSK symbolsinto designated tones. For example, each particular sequences of BPSKsymbols may be mapped and may correspond to one of various availabletones. Therefore, rather than performing IFFT on BPSK symbols andmodulating the IFFT symbols, the LUT converts the BPSK symbols directlyinto multiple tones.

In some embodiment, to enhance recovery of an access code, the BPSKsymbols are repeated a selected number of times before converting theBPSK symbols. The LUT may then be pre-calculated to map sets of BPSKsymbols into multiple tones. FIG. 5A to 5C shows an example of aconversion from repeated BPSK symbols into corresponding tones. Assuminga sequence of BPSK symbols {01110010} shown in FIG. 5A, a set of twoBPSK symbols {01, 11, 00, 10} are repeated twice into repeated BPSKsymbols {0101, 1111, 0000, 1010} as shown in FIG. 5B. The repeated BPSKsymbols can then be found in the LUT for conversion into correspondingtones. FIG. 5C shows an example LUT that may be used for converting thetwice repeated sets of two BPSK symbols. Here, each one of the LUTentries 0000˜1111 correspond to one of tones T1˜T16. Based on the LUT,the repeated BPSK symbols would correspond to tones {T6, T16, T1, T11}.

It should be noted that, the BPSK symbols shown in FIG. 5A wouldcorrespond to tones {T8, T3} if BPSK symbols are not repeated. Also, ifrepeated, the BPSK symbols may be repeated more than twice. Moreover,more than two BPSK symbols may be grouped into a set of BPSK symbols andthe sets of BPSK symbols may be repeated a selected number of times forconversion into multiple tones. Depending on the number of BPSK symbolsgrouped in a set and the number of times the set is repeated, the LUTmay also be adjusted. For example, a set of three BPSK symbols may berepeated three times. In such case, the LUT may have 512 entries rangingfrom 000000000˜111111111. Thereafter, the repeated sets of three BPSKsymbols may be converted into tones using the LUT.

To further enhance recovery of an access code, reference tones withreference phases may be added to the multiple tones. The reference tonesare then output with the multiple tones. Also, the multiple tones may beamplified before outputting the multiple tones. In addition, if a clockmodule is implemented, the access code is generated by processor 220using the cryptographic key and a time element. The access code may thenbe generated, converted and output from token 200 when a user inputs acommand through actuator 270.

FIG. 6 shows an example method 600 for verifying an access code using anacoustic channel. For verification, multiple tones encoded with anaccess code is received (610) through audio input module 330. Themultiple tones are down-converted or demodulated (620) by down-converter341 into multiple parallel IFFT symbols. FFT is then performed (630) byFFT module 343 to generate multiple parallel BPSK symbols. The BPSKsymbols are converted (640) by BPSK module 345 into encoded interleavedbit stream or code symbols and de-interleaved (650) by de-interleaver347. More particularly, the multiple tones may be demodulated andconverted from serial to parallel into multiple parallel IFFT symbols,FFT processed into multiple parallel BPSK symbols, BPSK mapped intomultiple parallel code symbols, and de-interleaved into encoded codesymbols. Alternatively, the multiple tones may be demodulated, convertedfrom serial to parallel, IFFT processed, and then converted fromparallel to serial into BPSK symbols for de-interleaving. Stillalternatively, the multiple tones may be demodulated, converted fromserial to parallel, FFT processed, BPSK mapped, and then converted fromparallel to serial into multiple parallel BPSK symbols forde-interleaving. Thereafter, the access code is recovered (660) bydecoding module 349 from the encoded code symbols. The access code isthen verified (670) by processor 320 using the cryptographic key andaccess is granted (680) if the access code is verified. Here, thecryptographic key may be stored in storage medium 310.

In method 600, if the BPSK symbols are repeated for conversion, themultiple tones are demodulated and FFT processed into repeated BPSKsymbols. A selected set of BPSK symbols is then generated from therepeated BPSK symbols and the selected set of BPSK symbols are convertedinto the code symbols or encoded interleaved bit stream. Here, BPSKmodule 345 may generate the selected set of BPSK symbols from therepeated BPSK symbols and convert the selected set into code symbols.FIG. 7A to 7D shows an example generation of the selected set of BPSKsymbols.

As shown, a set of two BPSK symbols are repeated twice into originalBPSK symbols of A₁B₁A₂B₂C₁D₁C₂B₂ and demodulated intoA′₁B′₁A′₂B′₂C′₁D′₁C′₂B′₂. The selected BPSK symbols can be generated byselecting one of the two set the repeated BPSK symbol as shown in FIG.7C. Alternatively, the selected BPSK symbols can be generated byselecting each BPSK symbol from any one of the repeated sets of BPSKsymbols as shown in FIG. 7D. It should be noted here that the multipletones may be converted into sets of more than two BPSK symbols. Forexample, the multiple tones may be converted into repeated sets of threeBPSK symbols. In such case, the selected set of BPSK symbols may begenerated by selecting one of each BPSK symbols from the repeated setsof three BPSK symbols. Alternatively, the selected set of BPSK symbolsmay be generated by selected one of the repeated sets of three BPSKsymbols.

Moreover, if reference tones with reference phases are received, themultiple tones are converted into BPSK symbols using the referencetones. Also, if a clock module is implemented, the access code isverified by processor 320 using the cryptographic key and a timeelement.

In tokens with limited processing power or speed, the LUT maysignificantly improve the efficiency and performance transmitting anaccess code using multiple tones. However, some embodiments may notimplement and use a LUT. FIG. 8 shows another example embodiment of atoken 800 that does not use LUT.

Token 800 comprises a storage medium 810 configured to store acryptographic key, a processor 820 configured to generate an access codeusing the cryptographic key, a converter 830 configured to convert theaccess code into multiple tones, and an audio output unit 840 configuredto output the multiple tones encoded with the access code forverification. In some embodiments, token 800 may comprise an amplifier860, an activator or actuator 870, and a clock module 880 as implementedby amplifier 260, actuator 270 and clock module 280 of token 200.

Generally, token 800 implements the same elements as the elements intoken 200.

However, the modulation by converter 830 is not based on a LUT.Accordingly, it would not be necessary to store a LUT in storage mediums810. Also, the process of converters 830 is based on the use of repeatedBPSK symbols. More particularly, converter 830 of token 800 may comprisean encoding module 831 configured to encode bit stream of the accesscode, an interleaver 833 configured to interleave the encoded bitstream, a BPSK module 835 configured to convert the interleaved bitstream or code symbols into BPSK symbols and to generate a selectednumber of repeated sets of BPSK symbols, IFFT module 837 configured toperform IFFT on the repeated BPSK symbols and an up-converter 839configured to modulate the IFFT symbols into multiple tones encoded withthe access code.

Accordingly, the encoded bit stream are converted from serial toparallel and mapped into multiple parallel BPSK symbols. A selectednumber of repeated sets of BPSK symbols are generated from the eachparallel BPSK symbols. Namely, multiple parallel repeated sets of BPSKsymbols are generated and correspond to the multiple parallel BPSKsymbols. The multiple repeated sets of BPSK symbols may then be IFFTprocessed and converted from parallel to serial for output. Here, thecode symbols may be mapped into BPSK symbols and then converted fromserial to parallel BPSK symbols, or the code symbols may be convertedfrom serial to parallel and then mapped into BPSK symbols.

FIG. 9 shows an example method 900 corresponding to token 800 fortransmitting an access code using an acoustic channel. For access to asecure network, system or application, an access code is generated (910)by processor 820 using a cryptographic key. Thereafter, multipleparallel repeated sets of BPSK symbols are generated (920) based uponthe access code and IFFT transform is performed (930) to generate IFFTsymbols. The IFFT symbols are modulated (940) then into multiple tonesencoded with the access code and the multiple tones may be output (980)by audio output unit 840 for authentication. Here, the cryptographic keymay be stored in storage medium 810.

More particularly, the bit stream of the access code may be encoded,converted from serial to parallel, interleaved, and BPSK mapped intomultiple parallel BPSK symbols. The BPSK symbols of each parallel BPSKsymbols are repeated a selected number of times as described withreference to FIGS. 5A to 5C, thereby generating multiple parallelrepeated set of BPSK symbols for IFFT processing. Alternatively, theencoded bit stream may be interleaved, BPSK mapped and then convertedfrom serial to parallel into multiple parallel BPSK symbols forrepeating. Still alternatively, the encoded bit stream may beinterleaved, and then converted from serial to parallel into multipleparallel code symbols for BPSK processing.

Furthermore, as in token 200, reference tones with reference phases maybe added to the multiple tones and the reference tones may be outputwith the multiple tones. Also, the multiple tones may be amplifiedbefore outputting the multiple tones. In addition, if a clock module isimplemented, the access code is generated by processor 820 using thecryptographic key and a time element. The access code may then begenerated, converted and output from token 800 when a user inputs acommand through actuator 870.

While the modulation by converter 830 is not based on the use of a LUT,the demodulation may be performed by verifier device 300 andcorresponding method 600 as described with reference to FIGS. 3 and 6.Accordingly, converter 340 corresponding with converter 830 may comprisedown converter 341 configured to demodulate the multiple tones into IFFTsymbols, FFT module 343 configured to perform FFT to generate repeatedBPSK symbols, BPSK module 345 configured to generate a selected set ofBPSK symbols from the repeated BPSK symbols and to convert the selectedset of BPSK symbols into code symbols or encoded interleaved bit streamof the access code, de-interleaver 347 configured to de-interleave thecode symbols, and a decoding module 349 configured to recover the accesscode from the encoded de-interleaved bit stream. As in token 200,modulation techniques other than BPSK may also be implemented inconverters 830 and 340.

FIG. 10 shows an example method 1000 corresponding to converter 830 forverifying an access code using an acoustic channel. For verification,multiple tones encoded with an access code is received (1010) throughaudio input module 330. The multiple tones are down-converted ordemodulated (1020) by down-converter 341 into IFFT symbols. FFT is thenperformed (1030) by FFT module 343 to generate repeated BPSK symbols anda selected set of BPSK symbols are generated (1040) from the repeatedBPSK symbols. Here, the selected set of BPSK symbols may be generated asdescribed with reference to FIGS. 7A to 7D. The selected BPSK symbolsare converted (1050) by BPSK module 345 into encoded interleaved bitstream or code symbols of the access code. Thereafter, the encodedinterleaved bit stream is de-interleaved (1060) by de-interleaver 347and the access code is recovered (1070) by decoding module 949 from theencoded de-interleaved bit stream. The access code is then verified(1080) by processor 320 using the cryptographic key stored in storagemedium 910 and access is granted (1090) if the access code is verified.

As in verifier device 300, if reference tones with reference phases arereceived, the multiple tones are converted into IFFT symbols using thereference tones. Also, if a clock module is implemented, the access codeis verified by processor 320 using the cryptographic key and a timeelement.

As described above, an access code and/or password may be encoded intomultiple tones, transmitted through a public communicationinfrastructure such as Internet 120, recovered from multiple tones, andverified to access a secure network, system and/or application.

While system 100 show one example, there may be other systems fordigital authentication over an acoustic channel. FIGS. 11A to 11D showsome additional example systems for digital authentication over anacoustic channel. In FIG. 11A, multiple tones encoded with an accesscode may be output and transmitted from a token 1110 to a receiverdevice 1120. The access code is then forwarded from receiver device 1120to a verifier device 1130 through a wireless or non-wirelesscommunication infrastructure 1140. In FIG. 11B, the multiple tonesencoded with an access code is output and transmitted from token 1110 toreceiver device 1120 through a wireless or non-wireless phone 1150.Thereafter, the access code is forwarded from receiver device 1120 to averifier device 1130 through a wireless or non-wireless communicationinfrastructure 1140. In FIGS. 11A and 11B, receiver device 1120 isimplemented remotely from verifier device 1130. In such cases, receiverdevice 1120 may be implemented non-remotely or as part of verifierdevice 1130 as shown in FIG. 11C. In FIG. 11C, token 1110 outputs themultiple tones encoded with the access code directly to areceiver/verifier device 1160. Alternatively, the multiple tones encodedwith the access code may be output and transmitted from token 1110 toreceiver/verifier 1160 through a wireless or non-wireless phone 1150.

The multiple tones encoded with the access code may thus be forwardedfrom receiver device 1120 to verifier device 1130, and verifier device1130 may recover the access code. In some embodiments, the access codemay be first be recovered from the multiple tones and then the recoveredaccess code may be forwarded from receiver device 1120 to verifierdevice 1130 for authentication. FIG. 12 shows one example of a receiver1200 corresponding to token 200 and FIG. 13 shows another example of areceiver 1300 corresponding to token 800, for recovering an access code.

Receiver 1200 comprises a storage medium 1210 configured to store a LUTcorresponding to the LUT in storage medium 210, an audio input unit 1220configured to receive multiple tones encoded with an access code from auser of a token, and a converter 1230 configured to recover the accesscode from the multiple tones using the LUT. Converter 1230 may comprisea processor 1232 configured to convert the multiple tones into BPSKsymbols using the LUT, a BPSK module 1234 is configured to performdemodulation based on BPSK to convert the BPSK symbols into code symbolsor encoded interleaved bit stream of the access code, a de-interleaver1236 is configured to de-interleave the code symbols, and a decodingmodule 1238 is configured to recover the access code from the encodedcode symbols.

Receiver 1300 comprises an audio input unit configured to receive soundwaves encoded with an access code from a user of a token, and aconverter 1320. Converter 1320 may comprise a down converter 1321configured to demodulate the multiple tones into IFFT symbols, a FFTmodule 1323 configured to perform FFT to generate repeated BPSK symbols,a BPSK module 1325 configured to generate a selected set of BPSK symbolsfrom the repeated BPSK symbols and to convert the selected set of BPSKsymbols into encoded interleaved bit stream of the access code, ade-interleaver 1327 configured to de-interleave the encoded interleavedbit stream, and a decoding module 1329 configured to recover the accesscode from the encoded de-interleaved bit stream.

Generally, a method corresponding to receiver 1200 for recovering anaccess code also corresponds to the method described with reference toFIG. 6. However, verification of a recovered access code and grantingaccess based on the access code is not performed by receiver 1200.Similarly, a method corresponding to receiver 1300 for recovering anaccess code also corresponds to the method described with reference toFIG. 11. However, verification of a recovered access code and grantingaccess based on the access code is not performed by receiver 1300.

Accordingly, an access code and/or password may be encoded into andrecovered from multiple tones. By using the acoustic channel to input anaccess code for authentication, there is no need for a display or aconstant computation needed for displaying an access code, therebyelongating the battery life of a token. Moreover, since the access codeis not manually entered by a user, less errors are less likely to occur,especially in a system that requires a user to input an access code morethan once during each access. In addition, because a standard speakerand/or microphone may be used, the system can easily be implementedwithout incurring significant cost.

Finally, embodiments may be implemented by hardware, software, firmware,middleware, microcode, or any combination thereof. When implemented insoftware, firmware, middleware or microcode, the program code or codesegments to perform the necessary tasks may be stored in a machinereadable medium such as storage medium 210, 310, 810, 1210 or a separatestorage medium (not shown). A processor such as processor 220, 230, 820or a separate processor (not shown) may perform the necessary tasks. Acode segment may represent a procedure, a function, a subprogram, aprogram, a routine, a subroutine, a module, a software package, a class,or any combination of instructions, data structures, or programstatements. A code segment may be coupled to another code segment or ahardware circuit by passing and/or receiving information, data,arguments, parameters, or memory contents. Information, arguments,parameters, data, etc. may be passed, forwarded, or transmitted via anysuitable means including memory sharing, message passing, token passing,network transmission, etc.

Furthermore, it should be apparent to those skilled in the art that theelements of tokens 200 and 800 may be rearranged without affecting theoperation of the token. Similarly, the elements of verifier device 300and/or receivers 1200, 1300 may be rearranged without affecting theoperations thereof. In addition, elements of tokens 200, 800; verifierdevice 300; and/or receivers 1200, 1300 may be implemented together. Forexample, processor 238 may be implemented together with processor 220and processor 348 may be implemented together with processor 320.

Moreover, in some embodiments, a token may be implemented with adisplay. FIG. 14A shows an example embodiment of a token having ahousing element 1410 implemented with a display 1420, actuator 1430 andaudio output unit 1440. FIG. 14B shows another example embodiment of atoken having a housing element 1450 implemented with a display 1460, anactuator 1470, an audio output unit 1480 and an opening 1480 throughhousing element 1450.

Therefore, the foregoing embodiments are merely examples and are not tobe construed as limiting the invention. The description of theembodiments is intended to be illustrative, and not to limit the scopeof the claims. As such, the present teachings can be readily applied toother types of apparatuses and many alternatives, modifications, andvariations will be apparent to those skilled in the art.

1. Apparatus for use in authentication comprising: a storage mediumconfigured to store a cryptographic key and a look up table (LUT); afirst processor coupled to the storage medium, configured to generate anaccess code using the cryptographic key; a converter coupled to theprocessor, configured to convert the access code into multiple tonesencoded with the access code; and an audio output unit configured tooutput the multiple tones encoded with the access code forauthentication; wherein the converter comprises: a binary phase shiftkeying (BPSK) module configured to generate multiple parallel BPSKsymbols; and a second processor coupled to the BPSK module and thestorage medium, configured to convert the BPSK symbols into the multipletones using the LUT.
 2. The apparatus of claim 1, wherein either one ofthe first or second processor is further configured to repeat the BPSKsymbols a selected number of times; and wherein the second processorconverts repeated BPSK symbols into the multiple tones.
 3. The apparatusof claim 1, further comprising: a clock module coupled to the firstprocessor, configured to generate time elements; and wherein the firstprocessor is configured to generate the access code using thecryptographic key and a time element.
 4. The apparatus of claim 1,further comprising: an actuator coupled to the first processor,configured to receive a user command; and wherein, the first processoris configured to generate the access code when the user command isreceived.
 5. The apparatus of claim 1, further comprising: a housingelement configured to encase the storage medium, the first processor,the converter and the audio output unit; and an opening through thehousing element.
 6. The apparatus of claim 1, further comprising: anamplifier coupled to the converter, configured to amplify the multipletones; and wherein the audio output unit is configured to output theamplified multiple tones.
 7. The apparatus of claim 1, furthercomprising: a display module coupled to the first processor, configuredto display the access code.
 8. The apparatus of claim 1, furthercomprising: a user input configured to receive a personal identificationnumber (PIN); wherein the converter is configured to convert the PINinto multiple tones encoded with the PIN; and wherein the audio outputunit is further configured to output the multiple tones encoded with thePIN for authentication.
 9. Apparatus for use in authenticationcomprising: a storage medium configured to store a cryptographic key anda look up table (LUT); a processor coupled to the storage medium,configured to generate an access code using the cryptographic key; aconverter coupled to the processor, configured to convert the accesscode into multiple tones encoded with the access code; and an audiooutput unit configured to output the multiple tones encoded with theaccess code for authentication; wherein the converter comprises: abinary phase shift keying (BPSK) module configured to generate multipleparallel BPSK symbols; and wherein the processor is configured toconvert the BPSK symbols into multiple tones using the LUT.
 10. A methodfor use in authentication comprising: storing a cryptographic key and alook up table (LUT); generating an access code using the cryptographickey; generating multiple parallel binary phase shift keying (BPSK)symbols based upon the access code; converting the BPSK symbols intomultiple tones encoded with the access code using the LUT; andoutputting the multiple tones encoded with the access code forauthentication.
 11. The method of claim 10, further comprising:repeating the BPSK symbols a selected number of times before convertingthe BPSK symbols.
 12. The method of claim 11, wherein repeating the BPSKsymbols comprises repeating a set of three BPSK symbols the selectednumber of times; and wherein converting the BPSK symbols comprisesconverting each set of three BPSK symbols into the multiple tones usingthe LUT.
 13. The method of claim 10, further comprising: adding to themultiple tones, reference tones with reference phases; and outputtingthe reference tones with the multiple tones.
 14. The method of claim 10,further comprising generating time elements; and wherein generating theaccess code comprises generating the access code using the cryptographickey and a time element.
 15. The method of claim 10, further comprisingreceiving a user command; and wherein generating the access codecomprises generating the access code when the user command is received.16. The method of claim 10, further comprising: amplifying the multipletones before outputting the multiple tones.
 17. The method of claim 10,further comprising: receiving a personal identification number (PIN);converting the PIN into multiple tones encoded with the PIN; andoutputting the multiple tones encoded with the PIN for authentication.18. Apparatus for use in authentication comprising: means for storing acryptographic key and a look up table (LUT); means for generating anaccess code using the cryptographic key; means for generating multipleparallel BPSK symbols based upon the access code; means for convertingthe BPSK symbols into multiple tones encoded with the access code usingthe LUT; and means for outputting the multiple tones encoded with theaccess code for authentication.
 19. The apparatus of claim 18, furthercomprising means for repeating the BPSK symbols a selected number oftimes; and wherein the means for converting the BPSK converts therepeated BPSK symbols.
 20. The apparatus of claim 18, further comprisingmeans for adding to the multiple tones, reference tones with referencephases; and wherein the means for outputting the multiple tones outputsthe reference tones with the multiple tones.
 21. The apparatus of claim18, further comprising means for generating time elements; and whereinthe means for generating the access code generates the access code usingthe cryptographic key and a time element.
 22. The apparatus of claim 18,further comprising means for receiving a user command; and wherein themeans for generating the access code generates the access code when theuser command is received.
 23. The apparatus of claim 18, furthercomprising means for amplifying the multiple tones; and wherein meansfor outputting the multiple tones outputs the amplified multiple tones.24. The apparatus of claim 18, further comprising: means for receiving apersonal identification number (PIN); means for converting the PIN intomultiple tones encoded with the PIN; and means for outputting themultiple tones encoded with the PIN for authentication.
 25. Apparatusfor use in authentication comprising: a storage medium configured tostore a cryptographic key; a processor coupled to the storage medium,configured to generate an access code using the cryptographic key; aconverter coupled to the processor, configured to convert the accesscode into multiple tones encoded with the access code; and an audiooutput unit coupled to the converter, configured to output the multipletones encoded with the access code for authentication; wherein theconverter comprises: a binary phase shift keying (BPSK) moduleconfigured to generate multiple parallel repeated BPSK symbols based onthe access code; an inverse fast fourier transform (IFFT) module coupledto the BPSK module, configured to perform IFFT on the repeated BPSKsymbols to generate code symbols; and an up-converter coupled to theIFFT module, configured to modulate the code symbols into the multipletones encoded with the access code.
 26. A method for use inauthentication comprising: storing a cryptographic key; generating anaccess code using the cryptographic key; generating multiple parallelbinary phase shift keying (BPSK) symbols based upon the access code;repeating the BPSK symbols a selected number of times before convertingthe BPSK symbols; performing inverse fast fourier transform (IFFT) onthe repeated BPSK symbols to generate IFFT symbols; modulating the IFFTsymbols into the multiple tones encoded with the access code; andoutputting the multiple tones encoded with the access code forauthentication.
 27. The method of claim 26, wherein repeating the BPSKsymbols comprises repeating a set of three BPSK symbols the selectednumber of times; and wherein converting the BPSK symbols comprisesconverting each set of three BPSK symbols into the multiple tones usingthe LUT.
 28. Apparatus for use in authentication comprising: means forstoring a cryptographic key; means for generating an access code usingthe cryptographic key; means for generating multiple parallel binaryphase shift keying (BPSK) symbols based upon the access code; means forrepeating the BPSK symbols a selected number of times before convertingthe BPSK symbols; means for performing inverse fast fourier transform(IFFT) on the repeated BPSK symbols to generate IFFT symbols; means formodulating the IFFT symbols into the multiple tones encoded with theaccess code; and means for outputting the multiple tones encoded withthe access code for authentication.
 29. Apparatus for use inverification comprising: an audio input unit configured to receivemultiple tones encoded with an access code; a converter coupled to theaudio input unit, configured to recover the access code from themultiple tones encoded with the access code; and wherein the convertercomprises: a down-converter configured to demodulate the multiple tonesinto IFFT symbols; a fast fourier transform (FFT) module configured togenerate multiple parallel BPSK symbols from the IFFT symbols; a BPSKmodule coupled to the processor, configured to convert the BPSK symbolsinto an encoded interleaved bit stream of the access code; ade-interleaver coupled to the BPSK module, configured to de-interleavethe encoded interleaved bit stream; and a decoding module coupled to thede-interleaver, configured to recover the access code from the encodedde-interleaved bit stream.
 30. The apparatus of claim 29, furthercomprising: a storage medium configured to store a cryptographic key;and a processor coupled to the storage medium and the converter,configured to verify the access code using the cryptographic key and togrant access if the access code is verified.
 31. The apparatus of claim30, wherein the audio input unit is further configured to receivemultiple tones encoded with a personal identification number (PIN);wherein the converter is further configured to recover the PIN from themultiple tones encoded with the PIN; and wherein the processor isfurther configured to grant access if the access code and the PIN areverified.
 32. The apparatus of claim 30, further comprising: a clockmodule coupled to the first processor, configured to generate timeelements; and wherein the processor is configured to verify the accesscode using the cryptographic key and a time element.
 33. The apparatusof claim 29, wherein the FFT module converts the multiple tones intorepeated sets of BPSK symbols and generates a selected set of BPSKsymbols; and wherein the BPSK module converts the selected set of BPSKsymbols.
 34. A method for use in verification comprising: receivingmultiple tones encoded with an access code; generating multiple parallelBPSK symbols from the multiple tones; converting the BPSK symbols intoan encoded interleaved bit stream of the access code; de-interleavingthe encoded interleaved bit stream; and recovering the access code fromthe encoded de-interleaved bit stream.
 35. The method of claim 34,wherein performing FFT comprises generating repeated BPSK symbols;wherein the method further comprises generating a selected set of BPSKsymbols from the repeated BPSK symbols; and wherein performing the BPSKcomprises converting the selected set of BPSK symbols into the encodedinterleaved bit stream.
 36. The method of claim 35, wherein performingthe FFT comprises converting the IFFT symbols into repeated sets ofthree BPSK symbols; and wherein generating the selected set of BPSKsymbols comprises selecting three BPSK symbols from the repeated sets ofthree BPSK symbols to generate the selected set of BPSK symbols.
 37. Themethod of claim 35, wherein performing the FFT comprises converting theIFFT symbols into repeated sets of three BPSK symbols; and whereingenerating the selected set of BPSK symbols comprises selecting one ofthe repeated sets of three BPSK symbols to generate the selected set ofBPSK symbols.
 38. The method of claim 34, further comprising: storing acryptographic key; verifying the access code using the cryptographickey; and granting access if the access code is verified.
 39. The methodof claim 34, further comprising: receiving multiple tones encoded with apersonal identification number (PIN); recovering the PIN from themultiple tones encoded with the PIN; and granting access if the accesscode and the PIN are verified.
 40. The method of claim 34, furthercomprising: generating time elements; and wherein verifying the accesscode comprises verifying the access code using the cryptographic key anda time element.
 41. Apparatus for use in verification comprising: meansfor receiving multiple tones encoded with an access code; means fordemodulating the multiple tones into inverse fast fourier transform(IFFT) symbols; means for performing fast fourier transform (FFT) togenerate repeated BPSK symbols from the IFFT symbols; means forgenerating a selected set of BPSK symbols from the repeated BPSKsymbols; means for converting the selected set of BPSK symbols into anencoded interleaved bit stream of the access code; means forde-interleaving the encoded interleaved bit stream; and means forrecovering the access code from the encoded de-interleaved bit stream.42. The apparatus of claim 41, further comprising: means for storing acryptographic key; means for verifying the access code using thecryptographic key; and means for granting access if the access code isverified.